On Sat, 27 Jul 2019, [email protected] wrote:
Message: 2
Date: Sat, 27 Jul 2019 08:35:46 -0400
From: Ian Kelling <[email protected]>
To: Habs <[email protected]>
Cc: [email protected]
Subject: Re: [Bug-gnuzilla] gpg public signatures eq. Icecat/Ruben
(fwd)
Message-ID: <[email protected]>
Content-Type: text/plain
Habs <[email protected]> writes:
Hello list - sending this again please...
Where can 'we' find up-to-date public signature files for checking
software please ? e.g. Ruben's key for icecat. Then, how can we ensure
they are not tampered with fingerprints etc ?
I'm asking because I came across some old sigs... and the only link I
could find was on Savannah 'download the keyring' and some on there did
not match others I came across elsewhere.
Looking forward to some help with the above. Thank you. Habs
https://ftp.gnu.org/gnu/gnu-keyring.gpg
and in ruben's case, you can also verify by checking
https://www.fsf.org/about/staff-and-board
which has his key fingerprint and links to
https://static.fsf.org/nosvn/fsf-keyring.gpg
He did change to a new key this year and other people have asked similar
questions.
--
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7 DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org
Thank you for the info. I have managed to get some keys from the
fsf-keyring link that verified fine.
There are still some inconsistencies as I encountered it yesterday, with
the fingerprint/key for Ruben listed specifically on the 'staff-and-board'
link; I had problems with that key/fingerprint/verification [of icecat],
but the one in the fsf-keyring was fine.
Thanks again. Best wishes, Habs.
--- Sent using Alpine/Pine, probably the best MUA ---
--
http://gnuzilla.gnu.org
